Capita Business Services Limited

Software - COSAIN (Capita)

COSAIN is a secure, cloud-based (Software as a Service) open source law enforcement data platform.

Features

  • AI Driven social media listening, OSINT, and data mining platform
  • Suite of tools for research, visualisation, consented data, breached data
  • Premium social media, open-source, and publicly available data sources
  • Library of industry specific search terms to aid efficiency
  • OCR of images and translation of social media posts
  • Real-time reporting and alerting, plus sentiment analysis
  • Data exports integrate with multiple industry standard third-party tools
  • De-duplication of volume data, intelligent geo-filtering for location data
  • 2FA, secure hosting, SC/DV/NPPV3 vetted OSINT SME staff
  • Full audit function for organisational risk mitigation

Benefits

  • Designed for law enforcement and first responders
  • Automates identification and reduction of online threat risk and harm
  • Supports situational awareness and decision making during critical incident response
  • Share and collaborate within the COSAIN community, user groups, webinars
  • Strategic roadmap with continual innovative software development designed with users
  • Dedicated account management with relevant experience and sector knowledge
  • 24/7 Support Desk for operational and technical guidance
  • ITIL Service Management, GDPR / ISO27001 compliant, and two-factor authentication
  • Dashboarding capability to review results as analytics

Pricing

£1,300 a licence a month

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at engagewithus@capita.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

314105486610165

Contact

Capita Business Services Limited Capita Business Services Ltd
Telephone: 08702407341
Email: engagewithus@capita.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
See full terms and conditions for any platform restraints.
System requirements
Access to internet via web browser

User support

Email or online ticketing support
Email or online ticketing
Support response times
During standard operating hours, response time within 30 minutes. Outside standard operating hours/weekends, response within 1 hour. If the incident is urgent, users can call a dedicated support number for immediate response.
Our online support-desk system supports logging/tracking of service requests through web-based customer interface. Customers can create service requests based on priority, product/solution type, status, and customer contact.
The process of capturing important details relating to the service request is done via web form interface and gives the customer the ability to add and update the request.
Customers can raise urgent issues via email/by calling our dedicated support number.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AAA
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 AAA
Web chat accessibility testing
Refer to service description.
Onsite support
Yes, at extra cost
Support levels
We provide support levels based on four severity levels: 1-4. A critical call would attract a 30-minute response, with a non-critical call attracting a four-hour response. We provide our support plan for this service as standard with no additional costs within standard operating hours. We provide a client engagement manager to all clients who subscribe to the platform to ensure we provide a consistent service throughout the term of the contract.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
New COSAIN users are offered onsite or remote training sessions at the start of their contract. In addition, all users have access to the following:
1) A dedicated account manager who will help them to implement the training into real world scenarios.
2) Online manual.
3) COSAIN Resources website.
4) How-to-videos.
5) Regular webinars and webinar recordings.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
The service has built in functions to meet this requirement.
End-of-contract process
User access is terminated at contract end unless the service is renewed for an additional period.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Mobile and tablets can be used.
Service interface
Yes
User support accessibility
WCAG 2.1 AAA
Description of service interface
Refer to service description.
Accessibility standards
WCAG 2.1 AAA
Accessibility testing
Refer to service description.
API
No
Customisation available
No

Scaling

Independence of resources
Underlying cloud infrastructure is designed to meet scalability and resilience requirements to ensure no impact as above.

Analytics

Service usage metrics
Yes
Metrics types
To be agreed during negotiation.
Reporting types
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
In-house
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
No
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Built in functions allow this requirement to be met.
Data export formats
  • CSV
  • Other
Other data export formats
  • Excel
  • HTML
  • PDF
Data import formats
Other
Other data import formats
Text

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Standard availability of the service runs at 99.5%. No service credits are available if this is not met. Further details available on request if necessary.
Approach to resilience
Our Data Centre provider is certified to ISO22301 (Business Continuity Management and Resiliency). All aspects of the Data Centre Facilities are provided N+1 with no single points of failure.
Outage reporting
Users are contacted via email regarding any outages.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels
All support and management access is subject to the same access controls detailed previously.
Access restriction testing frequency
At least once a year
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
No audit information available
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
British Assessment Bureau
ISO/IEC 27001 accreditation date
18/03/2021
What the ISO/IEC 27001 doesn’t cover
Further information is available on request regarding ISO27001 certification.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
All policies are available on request. As a minimum we meet ISO27001-2017.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Our data centre provider uses an ITIL (Information Technology Infrastructure Library) based Change Management process to manage any proposed changes to the infrastructure.
Change request forms ensure that changes are clearly detailed and that all of the relevant personnel have signed these off before any changes are made. Particular attention is given to any potential impacts on security and performance.
We maintain a Configuration Management Database which is kept up to date with all information necessary to manage each environment, configuration and dependent service.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Our Data Centre provider undertakes monthly security scans of our external IP addresses which highlight both application and infrastructure security risks, for example older versions of web facing software in use. We are notified within 24 hours of any security issues being identified along with a description of the remedial action required and whether this needs to be undertaken by us or the customer and can be carried out immediately.
Systems are monitored 24 hours a day for any potential security incident utilising technology which correlates logs from various sources.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
There is a suite of monitoring tools that maintain a continuous watch on all systems within the datacentres. Any potential compromises are dealt with by an Incident Management Process.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Our Data Centres Service Monitoring System alerts based on pre-specified criteria. This can be tailored based on pre-defined processes to ensure that common events are dealt with swiftly or sent on for automated action.
The Service Desk is accessed either by phone or email to report incidents.
Further to an incident, a detailed service report is provided to the client outlining the incident, any action and future mitigation. This is provided within 24 hours.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Social Value

Equal opportunity

We are committed to promoting diversity/ensuring nobody discriminates against individuals/groups under the Equality Act 2010. Promoting equality/inclusion is essential to being a responsible business/creating better outcomes for all.
We have demonstrated our commitment to disability inclusion by signing up to the Disability Confident Scheme. Our personal independence business, which supports with disability through our work for DWP, has implemented measures across recruitment, working arrangements and employee training, to become a disability confident leader.
We have sustainable representation of ethnic diversity reflecting the communities we operate in and commit to a 15% Black/Asian and ethnic minority representation across all levels, reflected by the makeup of our executive team. To identify/tackle inequality, we implemented mandatory learning on unconscious bias, to ensure we continue to break down stereotypes/unconscious thoughts when recruiting, promoting, and upskilling staff.
We promote diversity via employee networks, learning, engagement, people, and leadership. Our employment procedures (recruitment-development) focus on maximising the potential of everyone, developing talent, and recognising their differences. We have established internal network groups (gender, ethnicity, faith, LGBTQ+ and disability) to ensure we continually educate and develop our people.
In relation to Modern Slavery, our suppliers comply with all local laws/regulations providing safe working conditions, treating workers with dignity/respect, acting fairly/ethically and being environmentally responsible. The following policies help us ensure modern slavery is not taking place in our business/supply chains:
  • Human Rights Policy: procedures to prevent breaches to human rights standards.
  • Diversity/Inclusion Policy: to foster a fair/inclusive workplace, ensuring discrimination is eliminated.
  • Procurement Policy: what to expect from CBSL when purchasing goods/services and requirements to be met by Suppliers.
  • Code of Conduct: Behaviour standards to create better outcomes.
  • Supplier Charter: How we/suppliers conduct business openly, honestly, and transparently.
  • Speak Up Policy: Commitments to speaking up about serious concerns in CBSL/Supply Chain.

Pricing

Price
£1,300 a licence a month
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
To be discussed.
